- From: Karl <notifications@github.com>
- Date: Fri, 01 Mar 2024 04:35:41 -0800
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 1 March 2024 12:35:45 UTC
I think conceptually the idea is that we don't want to couple the hostnames of special URLs _too tightly_ with DNS, although I don't think it is well defined (long-standing issue https://github.com/whatwg/url/issues/397). That said, a length limit on the encode function to prevent overflow is a practical necessity. My library uses 32-bit integers, so to prevent overflow we refuse to encode input sequences longer than 3854 scalars. That's not even for DoS protection; it's just for correctness. https://github.com/karwa/swift-url/blob/01ad5a103d14839a68c55ee556513e5939008e9e/Sources/IDNA/Punycode.swift#L185-L202 I wouldn't necessarily mind a tighter bound to keep the n^2 encoding algorithm under control. I'm not sure it makes sense to use length limits from DNS, though. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/824#issuecomment-1973113765 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/url/issues/824/1973113765@github.com>
Received on Friday, 1 March 2024 12:35:45 UTC